Enterprise networks can easily become infected with viruses and malware, particularly as the types and number of applications proliferate over the Internet. Keeping track of and preventing viruses and malware has, accordingly, become increasingly difficult.
Traditionally, signature-based security devices, firewalls, or anti-viruses are deployed to detect such threats. However, signature-based algorithms simply compare a byte sequence that has been detected to stored byte-sequences corresponding to known threats, which may be in a database. Thus, if a new threat has not yet been analyzed and recorded into the database, the signature based algorithm may not identify the new threat. Furthermore, if a threat has the ability to change, the signature-based algorithms may again fail to identify the threat because a current signature of the threat may be different from a stored signature of the same threat that was recorded earlier. Thus, polymorphic malware, zero-day attacks by threats that are novel or previously unseen, or other types of advanced persistent network threats are usually not detected or blocked by signature-based security algorithms.